1. Field of the Invention
The application relates to a method used in a wireless communication system and related communication device, and more particularly, to a method for handling security in an SRVCC handover in a wireless communication system and related communication device.
2. Description of the Prior Art
A long-term evolution (LTE) system, initiated by the third generation partnership project (3GPP), is now being regarded as a new radio interface and radio network architecture that provides a high data rate, low latency, packet optimization, and improved system capacity and coverage. In the LTE system, an evolved universal terrestrial radio access network (E-UTRAN) includes a plurality of evolved Node-Bs (eNBs) and communicates with a plurality of mobile stations, also referred as to user equipments (UEs).
A Single Radio Voice Call Continuity (SRVCC) provides the ability to transmit a voice call from the VoIP/IMS (IP Multimedia Subsystem) packet domain to the legacy circuit domain. Variations of SRVCC are being standardized to support both GSM/UMTS and CDMA 1× circuit domains. For an operator with a legacy cellular network who wishes to deploy IMS/VoIP-based voice services in conjunction with the rollout of an LTE network, SRVCC provides their VoIP subscribers with coverage over a much larger area than would typically be available during the rollout of a new network.
SRVCC functions as follows. An SRVCC-capable UE engaged in a voice call transmits measurement reports including measurement results to the LTE network (e.g. E-UTRAN). The LTE network determines that the voice call needs to be moved to the legacy Circuit-Switched (CS) domain based on the measurement results. It notifies a mobile switching center (MSC) server of the need to switch the voice call from the Packet-Switched (PS) to the CS domain and initiates a handover of the LTE voice bearer to the circuit network (e.g. UTRAN, GERAN or CDMA2000). The MSC server establishes a bearer path for the mobile station in the legacy network and notifies the IMS core that the UE's call leg is moving from the PS to the CS domain. The call leg represents a logical connection between the router and either a telephony endpoint over a bearer channel, or another endpoint. The circuit-packet function in the IMS core then performs the necessary inter-working functions. When the UE arrives on-channel in the legacy network, it switches its internal voice processing from VoIP to legacy-circuit voice, and the call continues.
Information security shall be applied for transmissions during and after the SRVCC to avoid malicious intruders. In the LTE, UMTS, and GERAN Iu mode systems, ciphering and integrity protection are employed, whereas the GERAN (non Iu mode) only applies ciphering. Furthermore, the LTE is a pure packet switched (PS) system, while the UMTS, GERAN and GERAN Iu mode systems are hybrid systems of PS and CS (Circuit Switched) service domains. Thus, a UE compatible with all the abovementioned systems includes: security configuration of the LTE system (for E-UTRAN) including a START, a CK (Cipher Key), an IK (Integrity Key), an eKSI (evolved Key Set Identifier), a NAS DL COUNT (Non Access Stratum Downlink COUNT), and a KASME (a key used between the UE and a mobile management entity); security configuration of the UMTS (for UTRAN) and GERAN Iu mode systems including STARTCS/STARTPS, CKCS/CKPS, IKCS/IKPS, KSICS/KSIPS, and COUNTPS; and security configuration of the GERAN system including a GSM ciphering key (CK) and a GPRS (Global Packet Radio Service) ciphering key (CK).
The handling of security keys (e.g. ciphering and integrity) for SRVCC handover from E-UTRAN to UTRAN/GERAN/CDMA2000 is specified in 3GPP TS 23.216. However, the handling of security keys for SRVCC from UTRAN/GEARN/CDMA2000 to E-UTRAN has not been defined. In UTRAN, the UE may have two active key sets (One key set is for CS and the other key set is for PS). It is not clear what key set is used to derive security keys used in E-UTRAN. Therefore the call drops after the SRVCC handover from UTRAN/GEARN/CDMA2000 to E-UTRAN because the UE and the network may not use same security keys talking to each other.